Bugtraq mailing list archives
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem
From: "Geo." <geoincidents () nls net>
Date: Wed, 8 Mar 2006 13:27:18 -0500
In the scenario you describe, I cannot see any actual amplification...
I'll give you a senario where you can see. lets say you have 2 name servers that are local to you. I setup a domain, example.com. In this domain I create a text record which is 100K in length, I don't know, perhaps I paste the source code to decss in it, whatever it's a big text record. Now I simply spoof a UDP packet using your IP address as the source address and send it to both of your dns servers. This packet is a query for the example.com text record. I have now sent two very small packets and you have received 200K of traffic. That's the amplification, one small udp packet, one large text record in return. Note, I don't have to use your local servers, but this way it makes it more fun to troubleshoot because it looks like you are the cause of your own flooding.. Geo.
Current thread:
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Geo. (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mark Senior (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Robert Story (Mar 17)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Bram Matthys (Syzop) (Mar 20)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Tim (Mar 23)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Måns Nilsson (Mar 17)